@tt-a1i/hive 2.1.11 → 2.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/README.md +13 -11
  3. package/README.zh.md +9 -8
  4. package/dist/src/cli/hive-defaults.d.ts +1 -0
  5. package/dist/src/cli/hive-defaults.js +1 -0
  6. package/dist/src/cli/hive-mcp.js +2 -1
  7. package/dist/src/cli/hive.d.ts +2 -0
  8. package/dist/src/cli/hive.js +4 -2
  9. package/dist/src/server/agent-run-starter.js +14 -0
  10. package/dist/src/server/agent-stdin-dispatcher.js +2 -2
  11. package/dist/src/server/claude-trust-store.d.ts +14 -0
  12. package/dist/src/server/claude-trust-store.js +67 -0
  13. package/dist/src/server/codex-trust-store.d.ts +14 -0
  14. package/dist/src/server/codex-trust-store.js +72 -0
  15. package/dist/src/server/command-preset-defaults.d.ts +1 -1
  16. package/dist/src/server/command-preset-defaults.js +10 -0
  17. package/dist/src/server/post-start-input-writer.d.ts +1 -0
  18. package/dist/src/server/post-start-input-writer.js +77 -34
  19. package/dist/src/server/sqlite-schema-v38.d.ts +2 -0
  20. package/dist/src/server/sqlite-schema-v38.js +26 -0
  21. package/dist/src/server/sqlite-schema.d.ts +1 -1
  22. package/dist/src/server/sqlite-schema.js +6 -1
  23. package/dist/src/server/workflow-cli-policy.d.ts +1 -1
  24. package/dist/src/server/workflow-cli-policy.js +1 -0
  25. package/package.json +3 -3
  26. package/web/dist/assets/{AddWorkerDialog-CMQdmZJQ.js → AddWorkerDialog-DcEIii34.js} +2 -2
  27. package/web/dist/assets/AddWorkspaceFlow-BTYcc0tV.js +1 -0
  28. package/web/dist/assets/{FirstRunWizard-PRHGFYry.js → FirstRunWizard-Bdb1l71P.js} +1 -1
  29. package/web/dist/assets/{MarketplaceDrawer-Dm-Z-YL8.js → MarketplaceDrawer-C1MjJMok.js} +1 -1
  30. package/web/dist/assets/{TaskGraphDrawer-HaGRlpar.js → TaskGraphDrawer-DFYARCjj.js} +1 -1
  31. package/web/dist/assets/{WhatsNewDialog-9upxbs9b.js → WhatsNewDialog-rUU_Roz8.js} +1 -1
  32. package/web/dist/assets/{WorkerModal-DAC0fORb.js → WorkerModal-CuB3F-m-.js} +1 -1
  33. package/web/dist/assets/WorkflowsDrawer-Bk87nnDw.js +1 -0
  34. package/web/dist/assets/{WorkspaceMemoryDrawer-QvVUM6qp.js → WorkspaceMemoryDrawer-DPfFpEwj.js} +1 -1
  35. package/web/dist/assets/{WorkspaceTaskDrawer-CdiraIBo.js → WorkspaceTaskDrawer-DOWlwBCm.js} +1 -1
  36. package/web/dist/assets/{index-B1vvo0-M.js → index-XUIK5lOA.js} +5 -5
  37. package/web/dist/assets/{search-DgMNPsfM.js → search-DFKWO_9l.js} +1 -1
  38. package/web/dist/assets/{square-terminal-CiDDFh5Z.js → square-terminal-D54LkZqa.js} +1 -1
  39. package/web/dist/cli-icons/pi.svg +26 -0
  40. package/web/dist/index.html +1 -1
  41. package/web/dist/manifest.webmanifest +1 -1
  42. package/web/dist/sw.js +1 -1
  43. package/web/dist/assets/AddWorkspaceFlow-arGy-LVX.js +0 -1
  44. package/web/dist/assets/WorkflowsDrawer-Dqv4vNZW.js +0 -1
package/CHANGELOG.md CHANGED
@@ -2,6 +2,19 @@
2
2
 
3
3
  All notable user-facing changes will be documented in this file.
4
4
 
5
+ ## 2.1.12 - 2026-06-25
6
+
7
+ Default port and Pi agent support.
8
+
9
+ - Changes Hive's default local runtime port from `3000` to `9483`, reducing
10
+ collisions with common local development services while keeping `--port 0`
11
+ available for OS-assigned ports.
12
+ - Updates the local Supervisor MCP adapter and Vite dev proxy to follow the
13
+ same default port.
14
+ - Adds Pi as a built-in agent preset with `pi --approve`, including workflow
15
+ CLI policy support, prompt-readiness handling, and migration support for
16
+ existing Hive databases.
17
+
5
18
  ## 2.1.11 - 2026-06-25
6
19
 
7
20
  Supervisor MCP bridge and terminal input polish.
package/README.md CHANGED
@@ -8,7 +8,7 @@
8
8
  <img src="./assets/hive-hero.png" alt="Hive local-first multi-agent collaboration workspace hero image" />
9
9
  </p>
10
10
 
11
- **Run Claude Code, Codex, Gemini, OpenCode, Qwen, and other CLI agents as a visible local team.** Hive gives you one browser workbench where an
11
+ **Run Claude Code, Codex, Gemini, OpenCode, Qwen, Pi, and other CLI agents as a visible local team.** Hive gives you one browser workbench where an
12
12
  Orchestrator plans and delegates while workers implement, review, test,
13
13
  research, and report back — all as real PTY processes on your laptop.
14
14
 
@@ -48,7 +48,7 @@ awkward:
48
48
 
49
49
  Hive adds the coordination layer without replacing the CLIs. The Orchestrator
50
50
  is a real `agy` / `claude` / `codex` / `opencode` / `gemini` / `hermes` /
51
- `qwen` process, not a scripted PM. Workers are real CLI agents too. Hive
51
+ `qwen` / `pi` process, not a scripted PM. Workers are real CLI agents too. Hive
52
52
  injects a small `team` command into their shells, so they can dispatch,
53
53
  report, and keep a shared markdown task graph at `<workspace>/.hive/tasks.md`.
54
54
 
@@ -117,8 +117,8 @@ Those warnings usually come from npm's install-script review plus native
117
117
  binary setup for `node-pty`, `better-sqlite3`, and `esbuild`; they do not mean
118
118
  Hive failed to install. The troubleshooting section below breaks them down.
119
119
 
120
- Open the printed local URL, usually `http://127.0.0.1:3000/`. Use
121
- `hive --port 4010` when you need a specific local port.
120
+ Open the printed local URL, usually `http://127.0.0.1:9483/`. Use
121
+ `hive --port 0` when you want Hive to ask the OS for any free local port.
122
122
 
123
123
  To upgrade in place:
124
124
 
@@ -133,7 +133,7 @@ npm copy will shadow your existing install.
133
133
 
134
134
  Install Hive as an app (optional):
135
135
 
136
- Open `http://127.0.0.1:3000/` in Chrome, Edge, or Brave and click the install
136
+ Open `http://127.0.0.1:9483/` in Chrome, Edge, or Brave and click the install
137
137
  icon at the right edge of the browser's omnibox. The PWA launches in its own
138
138
  dock-anchored window without browser chrome and shows **Add Workspace** /
139
139
  **Try Demo** shortcuts from the dock right-click menu. Firefox and Safari
@@ -143,8 +143,8 @@ only appears in Chromium-based browsers.
143
143
  The Hive daemon must still be running for the PWA to do anything; if the
144
144
  runtime isn't reachable when you launch the app, you'll see a "Hive runtime
145
145
  is not running" page that auto-reloads once `hive` is back on `127.0.0.1`.
146
- The PWA install scope is keyed by origin, so `hive --port 4011` installs as
147
- a separate app from `hive --port 3000`. To uninstall, visit `chrome://apps`,
146
+ The PWA install scope is keyed by origin, so `hive --port 9484` installs as
147
+ a separate app from `hive --port 9483`. To uninstall, visit `chrome://apps`,
148
148
  right-click the Hive tile, and choose **Remove from Chrome…**.
149
149
 
150
150
  Hive asks the browser to confirm before closing the tab or PWA window so an
@@ -220,6 +220,7 @@ Three details matter:
220
220
  | Gemini | `gemini` | `--yolo` | `--resume <session_id>` |
221
221
  | Hermes | `hermes` | `--yolo` | `--resume <session_id>` |
222
222
  | Qwen Code | `qwen` | `--approval-mode yolo` | `--resume <session_id>` |
223
+ | Pi | `pi` | `--approve` | Session id capture not wired yet |
223
224
  | Cursor CLI | `cursor` | `--force` | Session id capture not wired yet |
224
225
  | Grok Build | `grok` | `--always-approve` | Session id capture not wired yet |
225
226
  | Custom | Any executable | User configured | User configured |
@@ -232,7 +233,7 @@ same shell environment you use to start Hive.
232
233
  | Tier | CLIs | Commitment |
233
234
  | --- | --- | --- |
234
235
  | Tier 1 | Claude Code, Codex | Minimum compatibility report in CI (`pnpm compat:cli:report`): Node 22, `node-pty`, `better-sqlite3`, and CLI version detection when installed. |
235
- | Tier 2 | Gemini, OpenCode, Qwen Code, Hermes, Cursor CLI, Grok Build, Antigravity CLI | Built-in presets and manual smoke coverage; upstream CLI changes may require user reports before Hive catches up. |
236
+ | Tier 2 | Gemini, OpenCode, Qwen Code, Hermes, Pi, Cursor CLI, Grok Build, Antigravity CLI | Built-in presets and manual smoke coverage; upstream CLI changes may require user reports before Hive catches up. |
236
237
  | Custom | Any executable | User-maintained command, args, and auth behavior. Hive preserves the PTY/session wrapper but cannot promise CLI-specific compatibility. |
237
238
 
238
239
  ## What Hive Provides
@@ -250,7 +251,8 @@ same shell environment you use to start Hive.
250
251
  - Workflow CLI policy: choose the default CLI for workflow-created agents and
251
252
  restrict which CLIs workflow scripts may launch.
252
253
  - `.hive/tasks.md` editor with external-file conflict handling.
253
- - Background PTY preservation and best-effort native session resume.
254
+ - Background PTY preservation and best-effort native session resume for presets with
255
+ configured session capture.
254
256
  - A What's New dialog after upgrades with curated release highlights.
255
257
  - Local SQLite metadata under `%APPDATA%\hive` on Windows and `~/.config/hive`
256
258
  on macOS / Linux by default, or `$HIVE_DATA_DIR` when set.
@@ -404,7 +406,7 @@ pnpm install
404
406
  pnpm dev
405
407
  ```
406
408
 
407
- Development mode runs the runtime on `127.0.0.1:4010`; Vite runs on
409
+ Development mode runs the runtime on `127.0.0.1:9483`; Vite runs on
408
410
  `127.0.0.1:5180` and proxies API and WebSocket traffic to the runtime.
409
411
 
410
412
  Useful checks:
@@ -419,7 +421,7 @@ Production-style local run:
419
421
 
420
422
  ```bash
421
423
  pnpm build
422
- node dist/src/cli/hive.js --port 4010
424
+ node dist/src/cli/hive.js --port 9483
423
425
  ```
424
426
 
425
427
  The production server serves the built web UI directly. No Vite server is
package/README.zh.md CHANGED
@@ -8,7 +8,7 @@
8
8
  <img src="./assets/hive-hero.png" alt="Hive 本机多 agent 协作工作台" />
9
9
  </p>
10
10
 
11
- **Hive 是浏览器里的 Agent 协作工作台——一群 Agent 在你本机各自开工,一个当 Orchestrator 派活、归总进展,其余各司其职。** Orchestrator 本身就是一个真实的 `agy` / `claude` / `codex` / `opencode` / `gemini` / `hermes` / `qwen` 进程——不是你、也不是脚本——它派单的 Worker 同样是真 CLI agent。所有 agent 都是本机真实的 PTY 进程,通过 Hive 注入到 shell 里的小型 `team` 协议互相通信,共享 `<workspace>/.hive/tasks.md` 这份 markdown 任务图。
11
+ **Hive 是浏览器里的 Agent 协作工作台——一群 Agent 在你本机各自开工,一个当 Orchestrator 派活、归总进展,其余各司其职。** Orchestrator 本身就是一个真实的 `agy` / `claude` / `codex` / `opencode` / `gemini` / `hermes` / `qwen` / `pi` 进程——不是你、也不是脚本——它派单的 Worker 同样是真 CLI agent。所有 agent 都是本机真实的 PTY 进程,通过 Hive 注入到 shell 里的小型 `team` 协议互相通信,共享 `<workspace>/.hive/tasks.md` 这份 markdown 任务图。
12
12
 
13
13
  写代码、做调研、起草文档、做翻译——凡是能拆给一群人协作的脑力活,都可以让一群 Agent 合伙干。
14
14
 
@@ -94,7 +94,7 @@ npm install -g @tt-a1i/hive --registry=https://registry.npmmirror.com
94
94
 
95
95
  安装时如果看到 `npm warn allow-scripts` 或 `prebuild-install@7.1.3 deprecated`,先看最后是否显示 `added ... packages`。这些 warning 多数来自 npm 对安装脚本的安全审查,以及 `node-pty` / `better-sqlite3` / `esbuild` 这类原生依赖的二进制安装链路;不代表 Hive 启动失败。下面的故障排查里有逐项解释。
96
96
 
97
- 打开终端打印出来的本机地址,通常是 `http://127.0.0.1:3000/`。如果你想指定端口,可以用 `hive --port 4010`。
97
+ 打开终端打印出来的本机地址,通常是 `http://127.0.0.1:9483/`。如果你想让系统自动分配一个空闲端口,可以用 `hive --port 0`。
98
98
 
99
99
  升级到最新版本:
100
100
 
@@ -106,9 +106,9 @@ hive update
106
106
 
107
107
  把 Hive 装为应用(可选):
108
108
 
109
- 在 Chrome / Edge / Brave 里打开 `http://127.0.0.1:3000/`,点浏览器地址栏右侧的安装图标即可。装好后 Hive 会以独立窗口启动、有自己的 dock 图标,且 dock 右键菜单上会显示 **添加 Workspace** / **试用演示** 两个快捷入口。Firefox 和 Safari 暂未实现 PWA install-prompt 协议,浏览器地址栏的安装图标只在 Chromium 系浏览器里出现。
109
+ 在 Chrome / Edge / Brave 里打开 `http://127.0.0.1:9483/`,点浏览器地址栏右侧的安装图标即可。装好后 Hive 会以独立窗口启动、有自己的 dock 图标,且 dock 右键菜单上会显示 **添加 Workspace** / **试用演示** 两个快捷入口。Firefox 和 Safari 暂未实现 PWA install-prompt 协议,浏览器地址栏的安装图标只在 Chromium 系浏览器里出现。
110
110
 
111
- PWA 只是 UI 壳,Hive 后端仍需要在终端里跑着。如果启动 PWA 时后端没起,会看到 “Hive 后端未启动” 页面,等你跑起 `hive` 后会自动刷新。PWA 的 install scope 按 origin(含端口)划分,所以 `hive --port 4011` 跟 `hive --port 3000` 在浏览器看来是两个独立应用。卸载方法:浏览器地址栏访问 `chrome://apps`,右键 Hive 图标,选 **从 Chrome 中移除…**。
111
+ PWA 只是 UI 壳,Hive 后端仍需要在终端里跑着。如果启动 PWA 时后端没起,会看到 “Hive 后端未启动” 页面,等你跑起 `hive` 后会自动刷新。PWA 的 install scope 按 origin(含端口)划分,所以 `hive --port 9484` 跟 `hive --port 9483` 在浏览器看来是两个独立应用。卸载方法:浏览器地址栏访问 `chrome://apps`,右键 Hive 图标,选 **从 Chrome 中移除…**。
112
112
 
113
113
  关闭 PWA 窗口或 tab 时 Hive 会主动请求浏览器弹原生确认对话框,避免关闭快捷键(macOS 上是 Cmd+W、Windows / Linux 上是 Ctrl+W)误关丢失会话。但现代浏览器要求你跟页面"交互过"(点击 / 滚动 / 输入)才会真的弹这个对话框——刚打开 PWA 立刻按关闭快捷键仍会直接关闭,这是浏览器策略,不是 Hive 的 bug。
114
114
 
@@ -165,6 +165,7 @@ Workspace 任务图:
165
165
  | Gemini | `gemini` | `--yolo` | `--resume <session_id>` |
166
166
  | Hermes | `hermes` | `--yolo` | `--resume <session_id>` |
167
167
  | Qwen Code | `qwen` | `--approval-mode yolo` | `--resume <session_id>` |
168
+ | Pi | `pi` | `--approve` | 暂未自动捕获 session id |
168
169
  | Cursor CLI | `cursor` | `--force` | 暂未自动捕获 session id |
169
170
  | Grok Build | `grok` | `--always-approve` | 暂未自动捕获 session id |
170
171
  | 自定义 | 任意可执行文件 | 自己配 | 自己配 |
@@ -176,7 +177,7 @@ Hive 不替你安装这些 CLI。请在启动 Hive 的同一个 shell 环境里
176
177
  | 分级 | CLI | 承诺 |
177
178
  | --- | --- | --- |
178
179
  | Tier 1 | Claude Code、Codex | CI 生成最小兼容报告(`pnpm compat:cli:report`):检查 Node 22、`node-pty`、`better-sqlite3`,并在本机已安装 CLI 时记录版本。 |
179
- | Tier 2 | Gemini、OpenCode、Qwen Code、Hermes、Cursor CLI、Grok Build、Antigravity CLI | 内置 preset + 手动 smoke 覆盖;上游 CLI 行为变化可能需要用户报告后再跟进。 |
180
+ | Tier 2 | Gemini、OpenCode、Qwen Code、Hermes、Pi、Cursor CLI、Grok Build、Antigravity CLI | 内置 preset + 手动 smoke 覆盖;上游 CLI 行为变化可能需要用户报告后再跟进。 |
180
181
  | Custom | 任意可执行命令 | 用户自己维护命令、参数和登录状态;Hive 只保证 PTY/session 包装,不承诺 CLI 专属兼容性。 |
181
182
 
182
183
  ## Hive 提供什么
@@ -188,7 +189,7 @@ Hive 不替你安装这些 CLI。请在启动 Hive 的同一个 shell 环境里
188
189
  - Workflows(实验性,默认关闭):Orchestrator 可以运行多阶段、多 agent 的 workflow,Hive 在 Workflows 面板里展示运行、日志、结果、定时任务和停止控制。
189
190
  - Workflow CLI 策略:为 workflow 创建的 agent 选择默认 CLI,并限制允许使用的 CLI,避免脚本误启未配置的 agent。
190
191
  - `.hive/tasks.md` 编辑器,带外部文件冲突处理。
191
- - PTY 后台保留 + 尽力使用各 CLI 原生 session 恢复。
192
+ - PTY 后台保留;对已配置 session capture 的预设,尽力使用对应 CLI 的原生 session 恢复。
192
193
  - 升级后的 What's New 弹窗,用简短 release highlights 告诉你新版改了什么。
193
194
  - 元数据存在本机 SQLite,Windows 默认在 `%APPDATA%\hive`,macOS / Linux 默认在 `~/.config/hive`,也可以通过 `$HIVE_DATA_DIR` 指定。
194
195
 
@@ -294,7 +295,7 @@ pnpm install
294
295
  pnpm dev
295
296
  ```
296
297
 
297
- 开发模式下 runtime 跑在 `127.0.0.1:4010`,Vite 跑在 `127.0.0.1:5180`,把 API 和 WebSocket 代理到 runtime。
298
+ 开发模式下 runtime 跑在 `127.0.0.1:9483`,Vite 跑在 `127.0.0.1:5180`,把 API 和 WebSocket 代理到 runtime。
298
299
 
299
300
  常用命令:
300
301
 
@@ -308,7 +309,7 @@ pnpm test
308
309
 
309
310
  ```bash
310
311
  pnpm build
311
- node dist/src/cli/hive.js --port 4010
312
+ node dist/src/cli/hive.js --port 9483
312
313
  ```
313
314
 
314
315
  Production 模式下 runtime 直接服务构建好的 web UI,不需要单独的 Vite。
@@ -0,0 +1 @@
1
+ export declare const DEFAULT_HIVE_PORT = 9483;
@@ -0,0 +1 @@
1
+ export const DEFAULT_HIVE_PORT = 9483;
@@ -4,6 +4,7 @@ import { fileURLToPath } from 'node:url';
4
4
  import { HIVE_SUPERVISOR_TOKEN_HEADER } from '../server/external-goal-auth.js';
5
5
  import { readPackageVersion } from '../server/package-version.js';
6
6
  import { sameFilesystemPath } from '../server/path-canonicalization.js';
7
+ import { DEFAULT_HIVE_PORT } from './hive-defaults.js';
7
8
  export const HIVE_MCP_TOOL_NAMES = [
8
9
  'hive.list_workspaces',
9
10
  'hive.inspect_workspace',
@@ -80,7 +81,7 @@ const parseBaseUrl = (argv, env) => {
80
81
  return env.HIVE_MCP_BASE_URL.replace(/\/$/u, '');
81
82
  if (env.HIVE_PORT)
82
83
  return `http://127.0.0.1:${env.HIVE_PORT}`;
83
- return 'http://127.0.0.1:3000';
84
+ return `http://127.0.0.1:${DEFAULT_HIVE_PORT}`;
84
85
  };
85
86
  const readHttpErrorDetail = async (response) => {
86
87
  const text = await response.text().catch(() => '');
@@ -2,6 +2,7 @@
2
2
  import { type RemoteTunnel, type RemoteTunnelDeps } from '../server/remote-tunnel.js';
3
3
  import { type RuntimeStore } from '../server/runtime-store.js';
4
4
  import { type VersionService } from '../server/version-service.js';
5
+ import { DEFAULT_HIVE_PORT } from './hive-defaults.js';
5
6
  interface RunHiveCommandResult {
6
7
  port: number;
7
8
  close: () => Promise<void>;
@@ -40,6 +41,7 @@ type RunHiveCommandOptions = {
40
41
  * registration is mostly about giving SQLite a chance to checkpoint.
41
42
  */
42
43
  export declare const SHUTDOWN_SIGNALS: readonly ["SIGINT", "SIGTERM", "SIGHUP", "SIGBREAK"];
44
+ export { DEFAULT_HIVE_PORT };
43
45
  export declare const HIVE_USAGE: string;
44
46
  export declare const handleHiveInfoCommand: (argv: string[]) => boolean;
45
47
  /**
@@ -13,6 +13,7 @@ import { createRemoteConfigSource } from '../server/remote-config-keys.js';
13
13
  import { createRemoteTunnel, } from '../server/remote-tunnel.js';
14
14
  import { createRuntimeStore } from '../server/runtime-store.js';
15
15
  import { createVersionService } from '../server/version-service.js';
16
+ import { DEFAULT_HIVE_PORT } from './hive-defaults.js';
16
17
  import { runHiveMcpCommand } from './hive-mcp.js';
17
18
  import { runHiveRemoteCommand } from './hive-remote.js';
18
19
  import { runHiveUpdateCommand } from './hive-update.js';
@@ -38,13 +39,14 @@ import { runHiveUpdateCommand } from './hive-update.js';
38
39
  * registration is mostly about giving SQLite a chance to checkpoint.
39
40
  */
40
41
  export const SHUTDOWN_SIGNALS = ['SIGINT', 'SIGTERM', 'SIGHUP', 'SIGBREAK'];
42
+ export { DEFAULT_HIVE_PORT };
41
43
  export const HIVE_USAGE = [
42
44
  'Usage:',
43
45
  ' hive [--port <port>] [--no-open]',
44
46
  ' hive update',
45
47
  '',
46
48
  'Options:',
47
- ' --port <port> Bind the local runtime to a specific port (default: 3000).',
49
+ ` --port <port> Bind the local runtime to a specific port (default: ${DEFAULT_HIVE_PORT}).`,
48
50
  ' --no-open Do not auto-open the browser after start.',
49
51
  ' -h, --help Print this help.',
50
52
  ' -v, --version Print the installed Hive version.',
@@ -89,7 +91,7 @@ const parsePort = (argv) => {
89
91
  parsedPort = port;
90
92
  index += 1;
91
93
  }
92
- return parsedPort ?? 3000;
94
+ return parsedPort ?? DEFAULT_HIVE_PORT;
93
95
  };
94
96
  /**
95
97
  * Resolve the directory where Hive persists its SQLite DB and supporting
@@ -2,9 +2,12 @@ import { classifyCompletedRunStatus, shouldClearResumedSessionOnExit, } from './
2
2
  import { buildAgentRunBootstrap, startAgentRunCapture } from './agent-run-bootstrap.js';
3
3
  import { handleAgentRunExit } from './agent-run-exit-handler.js';
4
4
  import { buildAgentStartupInstructions, buildWorkflowAgentStartupInstructions, } from './agent-startup-instructions.js';
5
+ import { ensureClaudeDirectoryTrusted } from './claude-trust-store.js';
6
+ import { ensureCodexDirectoryTrusted } from './codex-trust-store.js';
5
7
  import { FEATURE_FLAGS_ALL_OFF } from './feature-flags.js';
6
8
  import { createPostStartInputWriter, isInteractiveAgentCommand } from './post-start-input-writer.js';
7
9
  import { isResumeLaunchConfig } from './preset-launch-support.js';
10
+ import { normalizeExecutableToken } from './startup-command-parser.js';
8
11
  import { buildMemoryDigestSafely, logMemoryDigestInjection, rollbackMemoryDigestInjection, } from './team-memory-injection.js';
9
12
  export const createAgentRunStarter = ({ agentManager, registry, onAgentExit, store, sessionStore, tokenRegistry, getCommandPreset, getAgent, restartPolicy, getFlags, memoryInjection, }) => async (workspace, agentId, config, hivePort) => {
10
13
  if (!agentManager)
@@ -27,6 +30,17 @@ export const createAgentRunStarter = ({ agentManager, registry, onAgentExit, sto
27
30
  tokenRegistry,
28
31
  workspace,
29
32
  };
33
+ // Pre-trust the workspace so a CLI's first-run "Do you trust this folder?"
34
+ // prompt never blocks startup-message injection. Each helper is a no-op
35
+ // (and never throws) when the trust flag is already set; both leave other
36
+ // CLIs untouched.
37
+ const commandBrand = normalizeExecutableToken(startConfig.command);
38
+ if (commandBrand === 'claude') {
39
+ ensureClaudeDirectoryTrusted(workspace.path);
40
+ }
41
+ else if (commandBrand === 'codex') {
42
+ ensureCodexDirectoryTrusted(workspace.path);
43
+ }
30
44
  const startInput = {
31
45
  agentId,
32
46
  command: startConfig.command,
@@ -2,7 +2,7 @@ import { FEATURE_FLAGS_ALL_OFF } from './feature-flags.js';
2
2
  import { escapeHiveEnvelopeAttribute, escapeHiveEnvelopeText } from './hive-envelope-escape.js';
3
3
  import { buildOrchestratorReminderTail, buildWorkerReminderTail } from './hive-team-guidance.js';
4
4
  import { PtyInactiveError } from './http-errors.js';
5
- import { createPostStartInputWriter } from './post-start-input-writer.js';
5
+ import { createImmediateInteractiveInputWriter } from './post-start-input-writer.js';
6
6
  import { buildDispatchMemoryDigestSafely, logMemoryDigestInjection, rollbackMemoryDigestInjection, } from './team-memory-injection.js';
7
7
  export const buildOrchestratorReportPayload = (workerName, text, artifacts, flags = FEATURE_FLAGS_ALL_OFF, dispatchId) => {
8
8
  const dispatchAttribute = dispatchId
@@ -108,7 +108,7 @@ export const createAgentStdinDispatcher = ({ agentManager, getLaunchConfig, getW
108
108
  try {
109
109
  const config = getLaunchConfig(workspaceId, agentId);
110
110
  if (agentManager && config) {
111
- return (createPostStartInputWriter(agentManager, config.interactiveCommand ?? config.command)(run.runId, text).catch((error) => {
111
+ return (createImmediateInteractiveInputWriter(agentManager, config.interactiveCommand ?? config.command)(run.runId, text).catch((error) => {
112
112
  throw new PtyInactiveError(error instanceof Error ? error.message : String(error));
113
113
  }) ?? Promise.resolve());
114
114
  }
@@ -0,0 +1,14 @@
1
+ /**
2
+ * Ensure ~/.claude.json marks `cwd` as a trusted folder so claude does not show
3
+ * its first-run trust modal there. Merges into the existing config in place:
4
+ * only the target project entry's trust flags are touched; every other project
5
+ * and every top-level field is preserved. Writes atomically (temp + rename) so
6
+ * a crash mid-write cannot truncate this large shared file.
7
+ *
8
+ * Never throws — a failure here just degrades to claude showing its modal (the
9
+ * pre-existing behaviour), so it must not block member startup.
10
+ *
11
+ * @param cwd Absolute workspace path claude will launch in (the project key).
12
+ * @param homeDir Home directory override, for tests. Defaults to os.homedir().
13
+ */
14
+ export declare const ensureClaudeDirectoryTrusted: (cwd: string, homeDir?: string) => void;
@@ -0,0 +1,67 @@
1
+ import { readFileSync, renameSync, writeFileSync } from 'node:fs';
2
+ import { homedir } from 'node:os';
3
+ import { join } from 'node:path';
4
+ // Claude Code records per-directory trust under projects[<absolute cwd>] in
5
+ // ~/.claude.json. When that entry is missing (or hasTrustDialogAccepted is
6
+ // false), claude shows a blocking "Do you trust this folder?" modal on first
7
+ // launch in that cwd. Pre-seeding the flag before we spawn claude makes the
8
+ // modal never appear, which also unblocks Hive's startup-message injection
9
+ // (the post-start writer's first-run setup guard would otherwise stall on the
10
+ // modal until the hard-timeout fallback fires into a still-open dialog).
11
+ const getClaudeConfigPath = (homeDir) => join(homeDir, '.claude.json');
12
+ const readClaudeConfig = (configPath) => {
13
+ try {
14
+ const raw = readFileSync(configPath, 'utf8');
15
+ const parsed = JSON.parse(raw);
16
+ if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
17
+ return parsed;
18
+ }
19
+ }
20
+ catch {
21
+ // Missing or corrupt file: start from an empty config rather than throwing.
22
+ // A malformed ~/.claude.json is claude's to repair; we only add our key.
23
+ }
24
+ return {};
25
+ };
26
+ /**
27
+ * Ensure ~/.claude.json marks `cwd` as a trusted folder so claude does not show
28
+ * its first-run trust modal there. Merges into the existing config in place:
29
+ * only the target project entry's trust flags are touched; every other project
30
+ * and every top-level field is preserved. Writes atomically (temp + rename) so
31
+ * a crash mid-write cannot truncate this large shared file.
32
+ *
33
+ * Never throws — a failure here just degrades to claude showing its modal (the
34
+ * pre-existing behaviour), so it must not block member startup.
35
+ *
36
+ * @param cwd Absolute workspace path claude will launch in (the project key).
37
+ * @param homeDir Home directory override, for tests. Defaults to os.homedir().
38
+ */
39
+ export const ensureClaudeDirectoryTrusted = (cwd, homeDir = homedir()) => {
40
+ try {
41
+ const configPath = getClaudeConfigPath(homeDir);
42
+ const config = readClaudeConfig(configPath);
43
+ const projects = config.projects ?? {};
44
+ const existing = projects[cwd] ?? {};
45
+ if (existing.hasTrustDialogAccepted === true &&
46
+ Number(existing.projectOnboardingSeenCount) >= 1) {
47
+ return;
48
+ }
49
+ const nextConfig = {
50
+ ...config,
51
+ projects: {
52
+ ...projects,
53
+ [cwd]: {
54
+ ...existing,
55
+ hasTrustDialogAccepted: true,
56
+ projectOnboardingSeenCount: Math.max(1, Number(existing.projectOnboardingSeenCount) || 0),
57
+ },
58
+ },
59
+ };
60
+ const tempPath = `${configPath}.hive-${process.pid}.tmp`;
61
+ writeFileSync(tempPath, `${JSON.stringify(nextConfig, null, 2)}\n`, 'utf8');
62
+ renameSync(tempPath, configPath);
63
+ }
64
+ catch (error) {
65
+ console.error('[hive] swallowed:claudeTrustStore.ensureTrusted', error);
66
+ }
67
+ };
@@ -0,0 +1,14 @@
1
+ /**
2
+ * Ensure ~/.codex/config.toml trusts `cwd` so codex does not show its first-run
3
+ * directory-trust prompt there. Appends a `[projects."<cwd>"]` table with
4
+ * `trust_level = "trusted"` only when that section is absent; existing content
5
+ * (every other project table and all top-level settings) is preserved
6
+ * verbatim. Writes atomically (temp + rename).
7
+ *
8
+ * Never throws — a failure degrades to codex showing its prompt (the
9
+ * pre-existing behaviour), so it must not block member startup.
10
+ *
11
+ * @param cwd Absolute workspace path codex will launch in.
12
+ * @param homeDir Home directory override, for tests. Defaults to os.homedir().
13
+ */
14
+ export declare const ensureCodexDirectoryTrusted: (cwd: string, homeDir?: string) => void;
@@ -0,0 +1,72 @@
1
+ import { mkdirSync, readFileSync, renameSync, writeFileSync } from 'node:fs';
2
+ import { homedir } from 'node:os';
3
+ import { join } from 'node:path';
4
+ // Codex records per-directory trust in ~/.codex/config.toml as a table:
5
+ //
6
+ // [projects."/abs/path"]
7
+ // trust_level = "trusted"
8
+ //
9
+ // Without it, codex shows a blocking "Do you trust the contents of this
10
+ // directory?" prompt on first launch in that cwd. Like the claude case, this
11
+ // also stalls Hive's startup-message injection (the post-start writer's
12
+ // first-run setup guard matches "Do you trust" and waits out the hard timeout
13
+ // into a still-open dialog). Pre-seeding the table before we spawn codex makes
14
+ // the prompt never appear.
15
+ //
16
+ // --dangerously-bypass-approvals-and-sandbox does NOT cover this: it skips
17
+ // command approvals / sandboxing, not the pre-session directory trust gate.
18
+ const getCodexDir = (homeDir) => join(homeDir, '.codex');
19
+ const getCodexConfigPath = (homeDir) => join(getCodexDir(homeDir), 'config.toml');
20
+ // TOML bare-string keys escape backslash and double-quote (see TOML basic
21
+ // strings). POSIX/macOS workspace paths almost never contain these, but quote
22
+ // defensively so a stray char cannot corrupt the file.
23
+ const toTomlQuotedKey = (value) => `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
24
+ // Match the exact section header for this cwd, e.g. [projects."/abs/path"],
25
+ // tolerating optional whitespace inside the brackets. Anchored per-line.
26
+ const hasProjectSection = (toml, cwd) => {
27
+ const header = `[projects.${toTomlQuotedKey(cwd)}]`;
28
+ return toml.split('\n').some((line) => line.trim() === header);
29
+ };
30
+ const readConfig = (configPath) => {
31
+ try {
32
+ return readFileSync(configPath, 'utf8');
33
+ }
34
+ catch {
35
+ // Missing (or unreadable) config: start from empty and let codex own the
36
+ // rest of the file. We only ever append our own project table.
37
+ return '';
38
+ }
39
+ };
40
+ /**
41
+ * Ensure ~/.codex/config.toml trusts `cwd` so codex does not show its first-run
42
+ * directory-trust prompt there. Appends a `[projects."<cwd>"]` table with
43
+ * `trust_level = "trusted"` only when that section is absent; existing content
44
+ * (every other project table and all top-level settings) is preserved
45
+ * verbatim. Writes atomically (temp + rename).
46
+ *
47
+ * Never throws — a failure degrades to codex showing its prompt (the
48
+ * pre-existing behaviour), so it must not block member startup.
49
+ *
50
+ * @param cwd Absolute workspace path codex will launch in.
51
+ * @param homeDir Home directory override, for tests. Defaults to os.homedir().
52
+ */
53
+ export const ensureCodexDirectoryTrusted = (cwd, homeDir = homedir()) => {
54
+ try {
55
+ const configPath = getCodexConfigPath(homeDir);
56
+ const existing = readConfig(configPath);
57
+ if (hasProjectSection(existing, cwd))
58
+ return;
59
+ const section = `[projects.${toTomlQuotedKey(cwd)}]\ntrust_level = "trusted"\n`;
60
+ // Separate from prior content with a blank line, matching codex's own
61
+ // formatting. An empty/period-terminated file needs no leading newline.
62
+ const separator = existing.length === 0 ? '' : existing.endsWith('\n') ? '\n' : '\n\n';
63
+ const next = `${existing}${separator}${section}`;
64
+ mkdirSync(getCodexDir(homeDir), { recursive: true });
65
+ const tempPath = `${configPath}.hive-${process.pid}.tmp`;
66
+ writeFileSync(tempPath, next, 'utf8');
67
+ renameSync(tempPath, configPath);
68
+ }
69
+ catch (error) {
70
+ console.error('[hive] swallowed:codexTrustStore.ensureTrusted', error);
71
+ }
72
+ };
@@ -1,5 +1,5 @@
1
1
  import type { SessionIdCaptureConfig } from './session-capture.js';
2
- export declare const BUILTIN_COMMAND_PRESET_IDS: readonly ["claude", "codex", "opencode", "gemini", "hermes", "qwen", "agy", "cursor", "grok"];
2
+ export declare const BUILTIN_COMMAND_PRESET_IDS: readonly ["claude", "codex", "opencode", "gemini", "hermes", "qwen", "pi", "agy", "cursor", "grok"];
3
3
  export type BuiltinCommandPresetId = (typeof BUILTIN_COMMAND_PRESET_IDS)[number];
4
4
  export interface BuiltinCommandPresetDefaults {
5
5
  id: BuiltinCommandPresetId;
@@ -6,6 +6,7 @@ export const BUILTIN_COMMAND_PRESET_IDS = [
6
6
  'gemini',
7
7
  'hermes',
8
8
  'qwen',
9
+ 'pi',
9
10
  'agy',
10
11
  'cursor',
11
12
  'grok',
@@ -15,6 +16,7 @@ const OPENCODE_DEFAULT_YOLO_ARGS = [];
15
16
  const GEMINI_DEFAULT_YOLO_ARGS = ['--yolo'];
16
17
  const HERMES_DEFAULT_YOLO_ARGS = ['--yolo'];
17
18
  const QWEN_DEFAULT_YOLO_ARGS = ['--approval-mode', 'yolo'];
19
+ const PI_DEFAULT_YOLO_ARGS = ['--approve'];
18
20
  const AGY_DEFAULT_YOLO_ARGS = ['--dangerously-skip-permissions'];
19
21
  const CURSOR_DEFAULT_YOLO_ARGS = ['--force'];
20
22
  const GROK_DEFAULT_YOLO_ARGS = ['--always-approve'];
@@ -85,6 +87,14 @@ export const BUILTIN_COMMAND_PRESETS = [
85
87
  },
86
88
  yoloArgsTemplate: QWEN_DEFAULT_YOLO_ARGS,
87
89
  },
90
+ {
91
+ command: 'pi',
92
+ displayName: 'Pi',
93
+ id: 'pi',
94
+ resumeArgsTemplate: null,
95
+ sessionIdCapture: null,
96
+ yoloArgsTemplate: PI_DEFAULT_YOLO_ARGS,
97
+ },
88
98
  {
89
99
  command: 'agy',
90
100
  displayName: 'Antigravity CLI',
@@ -4,4 +4,5 @@ export declare const isInteractiveAgentCommand: (command: string) => boolean;
4
4
  export declare const hasFirstRunSetupPrompt: (output: string) => boolean;
5
5
  export declare const hasInteractivePromptReady: (output: string, command?: string) => boolean;
6
6
  export declare const hasBracketedPasteAcknowledgement: (output: string, baselineLength: number) => boolean;
7
+ export declare const createImmediateInteractiveInputWriter: (agentManager: AgentManager, command: string) => ((runId: string, text: string) => Promise<void>);
7
8
  export declare const createPostStartInputWriter: (agentManager: AgentManager, command: string) => ((runId: string, text: string) => Promise<void>);